Chapter 13 Firewall
ericom D1000 modem User’s Guide
13.4 The Rules Screen
Click Security > Firewall > Rules to display the following screen. This screen displays a list of the configured firewall rules. Note the order in which the rules are listed.
Note: The firewall configuration screen shown in this section is specific to the following devices: P-
The ordering of your rules is very important as rules are applied in turn.
Figure 102 Security > Firewall > Rules
The following table describes the labels in this screen.
Table 57 Security > Firewall > Rules

| LABEL | DESCRIPTION |
| --- | --- |
| Firewall Rules Storage Space in Use | This read-only bar shows how much of the Device's memory for recording firewall rules it is currently using. When you are using 80% or less of the storage space, the bar is green. When the amount of space used is over 80%, the bar is red. |
| Packet Direction | Use the drop-down list box to select a direction of travel of packets for which you want to configure firewall rules. |
| Create a new rule after rule number | Select an index number and click Add to add a new firewall rule after the selected index number. For example, if you select “6”, your new rule becomes number 7 and the previous rule 7 (if there is one) becomes rule 8. |
| | The following read-only fields summarize the rules you have created that apply to traffic traveling in the selected packet direction. The firewall rules that you configure (summarized below) take priority over the general firewall action settings in the General screen. |
| # | This is your firewall rule number. The ordering of your rules is important as rules are applied in turn. |
| Active | This field displays whether a firewall rule is turned on or not. Select the check box to enable the rule. Clear the check box to disable the rule. |
| Source IP Address | This column displays the source addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any. |
| Destination IP Address | This column displays the destination addresses or ranges of addresses to which this firewall rule applies. Please note that a blank source or destination address is equivalent to Any. |
| Service | This column displays the services to which this firewall rule applies. |
| Action | This field displays whether the firewall silently discards packets (Drop), discards packets and sends a TCP reset packet or an ICMP destination-unreachable message to the sender (Reject) or allows the passage of packets (Permit). |
Table 57 Security > Firewall > Rules (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Source Interface | This column displays the source interface to which this firewall rule applies. This is the interface through which the traffic entered the Device. Please note that a blank source interface is equivalent to Any. |
| Destination Interface | This column displays the destination interface to which this firewall rule applies. This is the interface through which the traffic is destined to leave the Device. Please note that a blank source interface is equivalent to Any. |
| Modify | Click the Edit icon to go to the screen where you can edit the rule. Click the Remove icon to delete an existing firewall rule. A window displays asking you to confirm that you want to delete the firewall rule. Note that subsequent firewall rules move up by one when you take this action. |
| Order | Click the Order icon to display the Move the rule to field. Type a number in the Move the rule to field and click the Move button to move the rule to the number that you typed. The ordering of your rules is important as they are applied in order of their numbering. |
| Apply | Click this to save your changes. |
| Cancel | Click this to restore your previously saved settings. |

13.4.1 The Rules Add Screen
Use this screen to configure firewall rules. In the Rules screen, select an index number and click Add or click a rule’s Edit icon to display this screen and refer to the following table for information on the labels.
Figure 103 Security > Firewall > Rules > Add
The following table describes the labels in this screen.
Table 58 Security > Firewall > Rules > Add

| LABEL | DESCRIPTION |
| --- | --- |
| Active | Select this option to enable this firewall rule. |
| Action for Matched Packets | Use the drop-down list box to select whether to discard (Drop), deny and send an ICMP destination-unreachable message to the sender of (Reject) or allow the passage of (Permit) packets that match this rule. |
| IP Version Type | Select the IP version, IPv4 or IPv6, to apply this firewall rule to. |
| Rate Limit | Set a maximum number of packets per second, minute, or hour to limit the throughput of traffic that matches this rule. |
| Maximum Burst Number | Set the maximum number of packets that can be sent at the peak rate. |
| Log | This field determines if a log for packets that match the rule is created or not. |
Table 58 Security > Firewall > Rules > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Rules Source/Destination Address | |
| Address Type | Do you want your rule to apply to packets with a particular (single) IP, a range of IP addresses (for instance, 192.168.1.10 to 192.169.1.50), a subnet or any IP address? Select an option from the drop-down list box that includes: Single Address, Range Address, Subnet Address and Any Address. |
| Start IP Address | Enter the single IP address or the starting IP address in a range here. |
| End IP Address | Enter the ending IP address in a range here. |
| Subnet Mask | Enter the subnet mask here, if applicable. |
| Source Mac Address | Specify a source MAC address of traffic to which this firewall rule applies. Please note that a blank source MAC address is equivalent to any. |
| Source Interface | Specify a source interface to which this firewall rule applies. This is the interface through which the traffic entered the Device. Please note that a blank source interface is equivalent to any. |
| Destination Interface | Specify a destination interface to which this firewall rule applies. This is the interface through which the traffic is destined to leave the Device. Please note that a blank source interface is equivalent to any. |
| Services | |
| Available Services | Select a service from the Available Services box. |
| Edit Customized Service | Click the Edit Customized Service button to bring up the screen that you use to configure a new custom service that is not in the predefined list of services. |
| TCP Flag | Specify any TCP flag bits the firewall rule is to check for. |
| Schedule | Select the days and time during which to apply the rule. Select Everyday and All Day to always apply the rule. |
| OK | Click this to save your changes. |
| Cancel | Click this to restore your previously saved settings. |

13.4.2 Customized Services
Configure customized services and port numbers not predefined by the Device. For a comprehensive list of port numbers and services, visit the IANA (Internet Assigned Numbers Authority) website. Click the Edit Customized Services button while editing a firewall rule to configure a custom service port. This displays the following screen.
Figure 104 Security > Firewall > Rules: Edit: Edit Customized Services
The following table describes the labels in this screen.

Table 59 Security > Firewall > Rules: Edit: Edit Customized Services

| LABEL | DESCRIPTION |
| --- | --- |
| # | This is the number of your customized port. |
| Name | This is the name of your customized service. |
| Protocol | This shows the IP protocol (TCP or UDP) that defines your customized service. |
| Port Type | This is the port number or range that defines your customized service. |
| Start Port | This is a single port number or the starting port number of a range that defines your customized service. |
| End Port | This is a single port number or the ending port number of a range that defines your customized service. |
| Modify | Click this to edit a customized service. |
| Add | Click this to configure a customized service. |
| OK | Click this to confirm and save your settings. |

13.4.3 Customized Service Add/Edit
Use this screen to add a customized rule or edit an existing rule. Click Add or the Edit icon next to a rule number in the Firewall Customized Services screen to display the following screen.
Figure 105 Security > Firewall > Rules: Edit: Edit Customized Services: Add/Edit
The following table describes the labels in this screen.

Table 60 Security > Firewall > Rules: Edit: Edit Customized Services: Add/Edit

| LABEL | DESCRIPTION |
| --- | --- |
| Config | |
| Service Name | Type a unique name for your custom port. |
| Service Type | Choose the IP port (TCP or UDP) that defines your customized port from the drop down list box. |
| Port Configuration | |
| Type | Click Single to specify one port only or Port Range to specify a span of ports that define your customized service. |
| Port Number | Type a single port number or the range of port numbers that define your customized service. |
| Back | Click this to return to the previous screen without saving. |
| Apply | Click this to save your changes. |
| Cancel | Click this to restore your previously saved settings. |
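The rule list described in section 13.4 (numbered rules applied in turn, a blank address meaning Any, services defined by a start and end port) can be modelled to check an ordering before entering it on the Device. This is an added example, not part of the User's Guide or the Device firmware; it assumes the first matching active rule decides the action, and `Rule`, `evaluate`, `insert_after` and `shadowed` are hypothetical names with constructed sample addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str                 # "Drop", "Reject" or "Permit", as in the Action column
    src: str = ""               # blank is equivalent to Any, as the tables state
    dst: str = ""
    ports: tuple = (0, 65535)   # customized service: Start Port .. End Port
    active: bool = True

def _net(addr):
    return ip_network(addr or "0.0.0.0/0")      # blank address -> Any (IPv4)

def matches(rule, src, dst, port):
    return (rule.active
            and ip_address(src) in _net(rule.src)
            and ip_address(dst) in _net(rule.dst)
            and rule.ports[0] <= port <= rule.ports[1])

def evaluate(rules, src, dst, port, default="Drop"):
    """Return (rule number, action); numbering starts at 1 as in the # column."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, src, dst, port):       # assumption: first match decides
            return number, rule.action
    return 0, default                           # stands in for the General screen action

def insert_after(rules, index, rule):
    """'Create a new rule after rule number': selecting 6 makes the new rule 7."""
    return rules[:index] + [rule] + rules[index:]

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def shadowed(rules):
    """Numbers of active rules that never fire because an earlier active rule covers them."""
    return [n for n, r in enumerate(rules, start=1) if r.active
            and any(e.active and covers(e, r) for e in rules[:n - 1])]

# Constructed sample rule set (addresses and ports are illustrative only).
RULES = [
    Rule("Permit", src="192.168.1.0/24", ports=(1, 1024)),   # broad rule listed first
    Rule("Drop", src="192.168.1.50/32", ports=(22, 22)),     # never reached in this order
]
REORDERED = [RULES[1], RULES[0]]                             # specific rule moved to number 1
```

With the broad Permit rule first, `shadowed(RULES)` reports rule 2 as unreachable; after the reorder the specific Drop rule takes effect and nothing is shadowed.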
